Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

link to a review of OpenBSD 3.5

From: Kelly Martin <kellymartin () gmail com>
Date: Fri, 30 Jul 2004 11:32:05 -0600
I saw this on Slashdot last week and thought I would post the link here,
due to the OpenBSD project's pure focus on security.

http://os.newsforge.com/article.pl?sid=04/07/20/180234&tid=8&tid=132

The article has a few minor inaccuracies, but otherwise it's a pretty
good review. I would agree that the patching process for security
updates is quite good, though many of us who administer numerous
OpenBSD servers prefer to follow the -STABLE branch in CVS and
recompile our kernel on a monthly basis -- it's actually quite easy,
and the documentation to do this is pretty clear. Then you only need
to jump on security patches for the most serious vulnerabilities.

Note that in OpenBSD, appls like Apache, OpenSSH, OpenSSL, GCC, and
many others are installed as part of the core operating system. I've
always liked this approach. The advantage is that you can recompile
the -STABLE branch of the OS and you'll always be current on your
security updates. No need to hunt around for a hundred different
updates.

An aside -- a few people have asked for my thoughts on a good threaded
mail reader for this mailing list. It's entirely personal preference,
of course, but I've found GMail to be excellent for following
discussion threads. Then it's easy to search the archives too. :)
That's what I use myself when I'm not moderating the list...

Regards,
Kelly Martin

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: